Transport Layer Security (TLS) proxy functionality is a key security mechanism for many networks. In particular, a TLS proxy allows security systems such as firewalls and intrusion protection systems (IPSs) to inspect encrypted traffic between the enterprise network and the Internet. Notably, the TLS proxy may act as a “man in the middle” between a device in the enterprise network and the remote server, to obtain the cryptographic information needed to decrypt any encrypted traffic communicated between the device and the remote server, such as Hypertext Transfer Protocol Secure (HTTPS) traffic. In turn, the TLS proxy may intercept the encrypted traffic, decrypt the traffic using the obtained cryptographic information, and provide the decrypted traffic to the firewall, IPS, etc.
As part of its proxy functions, a TLS proxy validates the certificate of the remote server, to ensure that the device on the enterprise network is communicating with a trusted entity. This certificate validation generally involves checking whether the certificate contains the desired domain name of the remote server and whether the certificate was issued by a trusted certificate authority. Typically, a TLS proxy uses a default trust anchor list (e.g., a list of one or more entities that are already trusted by default) to validate the server certificate. However, this gives rise to several potential security vulnerabilities that could be exploited as part of a certificate validation attack: (1) the TLS proxy has no way of knowing which trust anchor should vouch for the specific domain associated with the server certificate, and (2) since any domain can be vetted by any certificate authority, all domains will be vulnerable to a man-in-the-middle attack if a certificate authority becomes compromised.
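The validation described above can be reproduced with Go's standard crypto/x509 package. This is an added example, not part of the original text: the two CAs, the domain bank.example and the helper names are constructed, and the anchor list scoped to CA A is an assumption used only for contrast. The same server certificate passes against the default list {A, B} even though CA B issued it, and fails once only CA A may vouch for the domain.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
// issue creates a constructed test certificate; a nil parent yields a self-signed CA.
func issue(name string, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { // trust anchor (root CA)
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, pkey = t, key
	} else { // server certificate
		t.DNSNames, t.ExtKeyUsage = []string{name}, []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pkey)))), key
}

// validate runs the two checks the text describes: domain name match and chain to a trust anchor.
func validate(leaf *x509.Certificate, host string, anchors ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, a := range anchors {
		pool.AddCert(a)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: pool})
	return err
}

func demo() (defaultErr, scopedErr error) {
	caA, _ := issue("Constructed CA A", nil, nil)    // assumed to be the expected issuer for bank.example
	caB, keyB := issue("Constructed CA B", nil, nil) // merely present in the default list
	leaf, _ := issue("bank.example", caB, keyB)      // issued by CA B, not by CA A
	return validate(leaf, "bank.example", caA, caB), validate(leaf, "bank.example", caA)
}
func main() { fmt.Println(demo()) }
```

The first result is nil because nothing in the default list ties bank.example to a particular anchor; the second is an unknown-authority error from the scoped list.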